Reading through the CNIL’s new decision against Yahoo on cookies brings back to mind a question that has stuck with me for well over a decade: what is the exact reasoning that has led many EU-based authorities to say that advertising cookies/etc. are not strictly necessary for the provision of a service, and why does […]
It’s finally open: public consultation by the European Commission on the GDPR. Privacy campaigners will be sure to respond – but will controllers & processors? This is your chance to submit comments on what works and what doesn’t. Whether you see weaknesses in the way in which the DPO role is structured (I know this […]
Interesting new CJEU judgment on “controllership” (but only limited considerations re “joint controllership”) and perhaps incidentally broadening the legal ground of “legal obligation” under the GDPR. The CJEU says that legal provisions can determine the purposes and means “at least implicitly”, which is not exactly what some authorities had considered previously. The context: the Moniteur […]
As a Data/Tech lawyer and software developer, I love innovation. But I am also cautious about using solutions without first knowing which problem precisely they will solve – or using technology without first thinking about issues that may arise from their use. I have been helping companies on the use of artificialintelligence tools for several […]
Surely you don’t need consent to display a user interface? UIs illustrate issues re the EDPB’s strict ePrivacy guidelines, combined with a strict approach re consent exemptions. After all: – UIs are programming instructions (e.g. in HTML, CSS, Javascript in the case of websites) so that your browser / OS / … knows how to […]
Just over two weeks to go to comment on the extremely extensive ePrivacy guidelines of the EDPB, now covering pretty much any interaction with the Internet or a computer. Working on one anonymised response in particular to integrate concerns of certain organisations, I wonder once more why the EDPB did not seek to better justify […]
With the New Year comes a reminder that many companies update their contractual terms / privacy statements / etc. around this time – so keep track of what is happening. [A while ago I built a monitoring tool for one client to automatically keep them informed of updates (even small ones) to various legal documents […]
Amazing how many posts I see from law firms and consultants about the AI Act and saying they can advise on the implications for businesses – before the details of the final text are known! We know some of the general ideas, but don’t run to lawyers just yet for precise advice – or risk […]
You probably don’t want to miss this! Tomorrow I have the pleasure of taking part in a roundtable on targeted advertising and “Pay or OK”, covering topics such as: – Regulatory developments affecting profile-based advertising – Legitimacy of targeted advertising as a business model – Subscription models (+ “pay or data”) as a valid compliance […]
Thanks Eduardo Ustaran for hosting and moderating this roundtable, where I will also have the pleasure of discussing “Pay or OK” and targeted advertising with Townsend FEEHAN (IAB Europe), Cecilia Alvarez (Meta), Miko?aj Barczentewicz (University of Surrey) and David Pfau (Conreri). Looking forward to this! gdpr data protection eprivacy
